Phishing (pronounced like "fishing") is an attempt to contact a person, usually through e-mail, by misrepresenting themselves as a legitimate company or corporation in an attempt to gain private information about that user so it can be used for identity theft.
First some Don'ts:
- Do not enter any personal information, especially Social Security Numbers, Driver's License Numbers, User IDs and passwords, in a form displayed in an email message.
- Never click on a url in an email message that says it directs you to a company's site where you can fill out your personal information. The following link says it is going to take you to a usabank.com url but it actually sends you to VCSU's home page. https://mybank.usabank.com/member/login This is a very common practice in Phishing scams.
- Do not copy and paste the link from an email message into your browser for the purpose of filling out privacy information.
- Never fill out any personal information on any form, Email or Web, unless it is encrypted. To check for encryption, look for an icon of a "locked" padlock in your email or web browser window. This is usually located in the lower right hand corner of the application.
Now some Do's:
- If you suspect an email or another unsolicited form of communication may be a phishing attempt, DO report it to myself or another ITC staff member.
- If you suspect the message might be real, open your web browser (Internet Explorer, Netscape, FireFox or other) and type the address of the site into the address bar MANUALLY.
- Ask yourself some questions about the email message for a minute. Are you a customer of this company? Do you have an on-line account with them? Were you expecting an email from this company? If you are still unsure DO call the company and ask them if they sent this message.
- DO verify the encryption of a web site were you are entering personal information. Again, make sure you see
- the icon of a "locked" padlock in the lower right corner of your browser. Click on the padlock and verify the "Issued to" line matches the address in the address bar and verify the certificate date is still valid.
Generally speaking, a legitimate request by a legitimate company to have you verify personal information, especially Social Security Numbers, will NOT come through email. They may send you an email and ask you to call them., but again, go to there web site MANUALLY, or use some other source such as a previous paper bill, and verify the telephone number before calling.